Protect mobile apps with App Hardening, Code Obfuscation, Anti-Tampering, Anti-Debugging, Anti-Reversing and more.
This Knowledge Base article explains how you can fully protect and harden any mobile app without code or coding.
We hope you find it useful and enjoy using Appdome!
About Mobile App Protection
ONEShield™ by Appdome combines Appdome’s existing app hardening features, among them anti-tampering, anti-debugging and anti-reversing protections and other features — making Appdome the single most comprehensive solution to protect mobile apps.
ONEShield™ by Appdome is added during Fusion in all cases. Whether you are Fusing an app with the Appdome Mobile Security Suite, an EMM SDK, or an Identity SDK, Appdome’s ONEShield™ protection is added to your app.
The app you are Fusing on Appdome can be built with any tool such as Xcode for iOS or Android Studio using any mobile development frameworks such as Xamarin, Cordova, and React Native.
How to add ONEShield™ to any mobile app on Appdome
Follow these step-by-step instructions to add ONEShield™ to Any Mobile App:
Upload a Mobile App to Your Account
Select the ONEShield™ section
When Fusing with Appdome Security, an EMM SDK, and/or an Identity SDK, you will see a “ONEShield™ by Appdome” section.
Click to expand ONEShield™ by Appdome:
View and/or select the ONEShield™ options that will be integrated into the app without you having to write a single line of code. With ONEShield™ your app is enabled with:
- Block Frida Toolkits – Automatically detect and block Frida based toolkits from reverse-engineering and instrumenting your application’s UI and logical flow.
- Block Common Cheat Engines – Automatically detect and block common cheat engines that leverage memory tracing techniques from modifying your application.
- Anti-Debugging – Appdome prevents anybody from debugging a built app.
- Detect Debugger Code Manipulations – During the app run-time, Appdome will actively detect and block any code manipulations performed by debuggers on the protected app.
- Anti-Tampering – Appdome protects a built app from being changed or modified by anyone.
- Prevent running on Simulators
A common method for attackers to compromise applications is to run them on a simulator (which is an environment completely under the control of the attacker). Appdome implements measures to recognize that it runs on a simulator and forces termination of the application instance.
- Checksum Validation
Appdome verifies that the application has not been modified since it was sealed.
- App Integrity/Structure Scan
Appdome looks for weakening elements in the application such as malicious URLs.
- Anti-Reversing – Appdome encrypts key logical elements and resources such as methods, strings, and assets to make reverse engineering of a built app impossible.
- Obfuscate built Services
Appdome’s core code and the additional services selected will be obfuscated. In addition, the data embedded in Aappdome’s code will be encrypted so as to prevent common “recon” attacks such as searching for strings in the code.
It should be worth noting that 3rd party services will not get obfuscated, only Appdome’s core and adapters. So for example, the code responsible forTOTALDataTM Encryption will be obfuscated, while for VMWare Workspace ONE (AirWatch) only the adapter code that glues the SDK to the application will be obfuscated, the VMWare Workspace ONE (AirWatch) code will remain as it is.
As shown in the following picture, many of the ONEShield™ options are always enabled for the protection of your app.
After you have made your selections, click Build My App and in about 20 – 40 seconds your app will be protected with ONEShield™. Pretty awesome!
After Adding ONEShield™ to a Mobile App on Appdome
After you have added ONEShield™ to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
That is it – Enjoy Appdome’s ONEShield™ protection in your app!
How Do I Learn More?
If you have any questions, please send them our way at email@example.com or via the chat window on the Appdome platform.